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Abstract — In this paper we present a method for automati- 
cally planning robust optimal paths for a group of robots that 
satisfy a common high level mission specification. Each robot's 
motion in the environment is modeled as a weighted transition 
system, and the mission is given as a Linear Temporal Logic 
(LTL) formula over a set of propositions satisfied by the regions 
of the environment. In addition, an optimizing proposition must 
repeatedly be satisfied. The goal is to minimize the maximum 
time between satisfying instances of the optimizing proposition 
while ensuring that the LTL formula is satisfied even with 
uncertainty in the robots' traveling times. We characterize a 
class of LTL formulas that are robust to robot timing errors, for 
which we generate optimal paths if no timing errors are present, 
and we present bounds on the deviation from the optimal values 
in the presence of errors. We implement and experimentally 
evaluate our method considering a persistent monitoring task 
in a road network environment. 

L Introduction 

The classic motion planning problem considers missions 
where a robot must reach a goal state from an initial state 
while avoiding obstacles. Temporal logics, on the other 
hand, provide a powerful high-level language for specifying 
complex missions for groups of robots [1], [2], [3], [4], 
[5]. Their power lies in the wealth of tools from model 
checking [6], [7], which can be leveraged to generate robot 
paths satisfying desired mission specifications. Alternatively, 
if the mission cannot be satisfied, the tools can be used 
produce a certificate, or counter-example, which proves that 
the mission is not possible. However, in robotics the goal 
is typically to plan paths that not only complete a desired 
mission, but which do so in an optimal manner. In our 
earlier work [8] we considered Linear Temporal Logic (LTL) 
specifications, and a particular form of cost function, and 
provided a method for computing optimal robot paths for a 
single robot. We then extended this approach to multi-robot 
problems by utilizing timed automata [9]. 

The main difficulty in moving from a single robot to 
multiple robots is in synchronizing the motion of the robots, 
or in allowing the robots to move asynchronously. In [10], 
the authors propose a method for decentralized motion of 
multiple robots by restricting the robots to take transi- 
tions (i.e., travel along edges in the graph) synchronously. 
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Once every robot has completed a transition, the robots 
can synchronously make the next transition. While such 
an approach is effective for satisfying the LTL formula, it 
does not lend itself to optimizing the robot motion, since 
robots must spend extra time for synchronization. In [9] we 
approached this problem by describing the motion of the 
group of robots in the environment as a timed automaton. 
This description allowed us to represent the relative position 
between robots. Such information is necessary for optimizing 
the robot motion. After providing a bisimulation [11] of the 
infinite-dimensional timed automaton to a finite dimensional 
transition system we were able to apply our results from [8] 
to compute an optimal run. 

However, enabling the asynchronous motion of robots 
introduces issues in the robustness, and thus implementability 
of the multi-robot paths. Timed-automata rely heavily on the 
assumption that the clocks (or for robots, the speeds), are 
known exactly. If the clocks drift by even an infinitesimally 
small amount, then the reachability analysis developed for 
timed-automata is no longer correct [12], [13]. The intuition 
behind this is that if the robot speeds are not exactly equal 
to those used for planning, then two robots can complete 
tasks in a different order than was specified in the plan. This 
switch in the order of events may result in the violation of 
the global mission specification. 

In this paper, we address this issue by characterizing a 
class of LTL formulas that are robust to such timing errors. 
For simplicity of presentation, we assume that each robot 
moves among the vertices of an environment modeled as 
a graph. However, by using feedback controllers for facet 
reachability in poly topes [14] the method developed in this 
paper can be extended to robots with continuous dynamics 
traversing an environment with poly topic partitions. The 
characterization relies on the concept of trace-closedness of 
languages, which was first applied in multi-robot planning 
in [15]. For these languages, we can guarantee that any de- 
viation from the planned order of events due to uncertainties 
in the speeds of robots will not result in the violation of the 
global specification. 

The contribution of this paper is to present a method for 
generating paths for a group of robots satisfying general LTL 
formulas, which are robust to uncertainties in the speeds of 
robots, and which perform within a known bound of the 
optimal value. We focus on minimizing a cost function that 
captures the maximum time between satisfying instances of 
an optimizing proposition. The cost is motivated by problems 
in persistent monitoring and in pickup and delivery problems. 
Our solution relies on using the concept of trace-closedness 



to characterize the class of LTL formulas for which a robust 
solution exists. For formulas in this class, we utilize a similar 
method as in [9] to generate robot plans. We then propose 
periodic synchronization of the robots to optimize the cost 
function in the presence of timing errors. We provide results 
from an implementation on a robotic test-bed, which shows 
the utility of the approach in practice. 

The organization of the paper is as follows. In Section [IH 
we give some preliminaries in formal methods and trace- 
closed languages. In Section |IIl| we formally state the motion 
planning problem for a team of robots, and we present our 
solution in Section |IV] In Section |Vj we present a hardware 
implementation for a team of robots performing persistent 
data gathering missions in a road network environment. 



Finally, in Section VI we conclude with final remarks. 



II. Preliminaries 

For a set S, we use 2^, S*, and T^^ to denote its 
cardinality, power set, set of finite words, and set of infinite 
words, respectively. Moreover, we define = S* U 
and denote the empty string by 0. 

Definition II.l (Transition System). A (weighted) transition 
system (TS) is a tuple T := (Qt, ^t, Ht, >Ct, '^t). 
where 

(i) Qt is a finite set of states; 

(ii) G Qt is the initial state; 

(iii) 5t ^ Qt x Qt is the transition relation; 

(iv) IIt is a finite set of atomic propositions (observations); 

(v) £t • Qt 2^'^ is a map giving the set of atomic 
propositions satisfied in a state; 

(vi) : 5t M>o is a map that assigns a positive weight 
to each transition. 

We define a run of T as an infinite sequence of states 
rx = q^q^ . . . such that q^ = q^, q^ G Qt and {q^, q^^^) G 
^T for all /c > 0. A run generates an infinite word cjt = 
C{q^) C{q^) . . . where C{q^) is the set of atomic propositions 
satisfied at state q^ . 

Definition II.2 (LTL Formula). An LTL formula (j) over the 
atomic propositions 11 is defined inductively as follows: 

^ ::= T I a I ^V^ I ^A^ I - ^ I | (t)U (j) 

where T is a predicate true in each state of a system, a G 11 
is an atomic proposition, (negation), V (disjunction) and 
A (conjunction) are standard Boolean connectives, and X 
and U are temporal operators. 

LTL formulas are interpreted over infinite words (gener- 
ated by the transition system T from Def. |II.1| ). Informally, 
X a states that at the next position of a word, proposition a is 
true. The formula ai U ol2 states that there is a future position 
of the word when proposition ol2 is true, and proposition ol\ 
is true at least until ol2 is true. From these temporal operators 
we can construct two other temporal operators: Eventually 
(i.e., future), F defined as F(/) := (f), and Always (i.e., 
globally), G, defined as G (/>:=-! F -i ^. The formula G (j) 
states that (j) is true at all positions of the word; the formula 



F (j) states that (j) eventually becomes true in the word. More 
expressivity can be achieved by combining the temporal and 
Boolean operators. We say a run tt satisfies (j) if and only 
if the word generated by tt satisfies (j). 

Definition II.3 (Btichi Automaton). A Buchi automaton is 
a tuple B := (<Sb, *Sg, Sb, ^b, -^b). consisting of 

(i) a finite set of states 5b; 

(ii) a set of initial states C 5b; 

(iii) an input alphabet Sb; 

(iv) a non- deterministic transition relation 5^ ^ 5b x Sb x 
5b; 

(v) a set of accepting (final) states Tb ^ 5b. 

A run of B over an input word uj = u^u^ ... is a sequence 
tb = 5^5^ . . ., such that G 5g, and {s^,u^, 5^+^) G (5b, 
for all > 0. A Biichi automaton B accepts a word over Sb 
if and only if at least one of the corresponding runs intersects 
with infinitely many times. For any LTL formula (j) over 
a set n, one can construct a Biichi automaton with input 
alphabet Sb = 2^ accepting all and only words over 2^ 
that satisfy (j). 

Definition II.4 (Prefix-Suffix Structure). A prefix of a run 
is a finite path from an initial state to a state q. A periodic 
suffix is an infinite run originating at the state q reached 
by the prefix, and periodically repeating a finite path, which 
we call the suffix cycle, originating and ending at q, and 
containing no other occurrence of q. A run is in prefix-suffix 
form if it consists of a prefix followed by a periodic suffix. 

Definition II.5 (Language). The set of all the words ac- 
cepted by an automaton B is called the language recognized 
by the automaton and is denoted by Lb- 

Definition II.6 (Distribution). Given a set the collection 
of subsets T^i ^ T,, \/ i = 1^ . . . is called a distribution 

Definition II.7 (Projection). For a word uo G and a 
subset C S, f^]. denotes the projection of uj onto S^, 
which is obtained by removing all the symbols in uj that are 
not in T^i. For a language L C and a subset C 
L f^. denotes the projection of L onto S^, which is the set of 
projections of all words in L onto S^, i.e., {uj \ uj e L}. 

Definition II.8 (Trace-Closed Language). Given the distri- 
bution {Si, . . . , T^rn} ofTi and the words uj^ uj' G S^, uj' is 
trace -equivalent to uj, denoted uj' ~ uj, iff their projections 
onto each one of the subsets in the given distribution are 
equal, i.e., uj ^' for each i = l,...,m. For 

{Si, . . . , S^}, the trace-equivalence class of uj is given by 
[uj] = {uj' G I uj' \^- = fj]. Vz = 1, . . . , m}. Finally, a 
trace-closed language over {Si, . . . , S^} is a language L 
such that [uj] C L, W uj e L. 

III. Problem Formulation and Approach 

In this section we introduce the multi-robot path planning 
problem with temporal constraints, and we motivate the need 
for solutions that are robust to uncertain robot speeds. 



A. Environment Model and Initial Formulation 
Let 

S = {V,^s) (1) 

be a graph, where V is the set of vertices and -^gC V x V 
is the set of edges. In this paper, S is the quotient graph 
of a partitioned environment, where F is a set of labels for 
the regions in the partition and is the corresponding 
adjacency relation. For example, V can be a set of labels 
for the roads, intersections, and buildings in an urban-like 
environment and -^g gives their connections (see Fig. |4]). 

Consider a team of m robots moving in an environ- 
ment modeled by E. The motion capabilities of robot 
i G {l,...,m} are represented by a TS = 
{Qi^q^ ^Si^Ui^ Ci^Wi), where Qi ^V; is the initial vertex 
of robot i; Si C^g is a relation modeling the capability 
of robot i to move among the vertices; 11^ is the subset 
of propositions 11 assigned to the environment that can be 
satisfied by robot i such that {IIi, . . . , 11^} is a distribution 
of 11; Ci is a mapping from Qi to 2^^ showing how the 
propositions are satisfied at vertices; Wi{q^q') captures the 
time for robot i to go from vertex q to q\ which we assume 
to be an integer. In this robotic model, robot i travels along 
the edges of T^, and spends zero time on the vertices. We 
assume that the robots are equipped with motion primitives 
which allow them to move from q to q' for each {q^q') G Si. 

In our previous work [9] we considered the case where 
there is an atomic proposition tt G 11, called the optimizing 
proposition, and a multi-robot task specified by an LTL 
formula of the form 

(j):=(pA GFtt, (2) 

where (p can be any LTL formula over 11, and GFtt specifies 
that proposition tt must be satisfied infinitely often. As 
an example, in a persistent data gathering task, tt may be 
assigned to regions where data is uploaded, i.e., tt = Upload, 
while (f can be used to specify rules (such as traffic rules) 
that must be obeyed at all times during the task [8]. 

Our goal in [9] was to plan multi-robot paths that satisfy 
(j) and minimize the maximum time between satisfying 
instances of tt. In data gathering, this corresponds to min- 
imizing the maximum time between data uploads. To state 
this problem formally, we assume that each run = q^q] • • • 
of (robot i) starts at t = and generates a word uji = 
uj^ujj . . . and a corresponding sequence of time instances 
Ti := t^it]... such that the k^^ symbol cjf = Ci{q^) is 
satisfied at time t^. Note that, as robots spend zero time on 
the vertices, each cjf has a unique which is the instant 
when robot i visits the corresponding vertex. To define the 
behavior of the team as a whole, we consider the sequences 
as sets and take the union UHi order this set in 

ascending order to obtain T := t^t^^ — Then, we define 
^team^team • • • to be the word generated by the 
team of robots where the k^^ symbol ujteam the union 
of all propositions satisfied at time t^. Finally, we define 
the infinite sequence = T^(l), T^(2), . . . where T^(/c) 
stands for the time instance when the optimizing proposition 



TT is satisfied for the k^^ time by the team. Thus, the problem 
is that of synthesizing individual optimal runs for a team of 
robots so that Uteam satisfies (j) and minimizes 

J(T^) = limsup {r{k + 1) - r{k)) . (3) 

Since we consider LTL formulas containing GFtt, this 
optimization problem is always well-posed. 

B. Robustness and Optimality in the Field 

In this paper, we are interested in the implementability 
of our previous approach in the case where our model 
is not exact in the weights of transitions. Particularly, we 
consider the case where the actual value of Wi{q^q') that 
is observed during deployment, denoted by Wi{q^q'), is a 
non-deterministic quantity that lies in the interval [(1 — 
Pi)wi{q, q^) ^ Pi)wi{q^ q^)] where pi is the deviation value 
of robot i which is assumed to be known a priori. In the 
following, we use the expression "in the field'' to refer to 
the model with uncertain traveling times, and use x and x 
to denote the planned and actual values of some variable x. 

The question becomes, if we use the runs generated from 
our previous approach in the field, will the formula (j) still 
be satisfied? 

Given the word uJteam that characterizes the planned run 
of the robotic team and the distribution {Hi, ... , 11^}, the 
actual word ojteam generated by the robotic team during 
its infinite asynchronous run in the field will be one of the 
trace equivalents of oJteam, i-e., uJteam ^ [^team] due to the 
uncertainties in the traveling times of the robots. This leads 
to the definition of critical words. 

Definition III.l (Critical Words). Given the language Lb 
of the Buchi automaton that corresponds to the LTL formula 
(j) over n, and given a distribution of II, we define the word 
uj over H to be a critical word if3ujG [uj] such that Co ^ L^- 

Thus, we see that if the planned word is critical, then 
we may not satisfy the specification in the field. This can 
be formalized by noting that the optimal runs that satisfy 
([2]) are always in a prefix- suffix form [16], where the suffix 
cycle is repeated infinitely often. Using this observation and 
Def . |III.1| we can formally define the words that can violate 
the LTL formula during the deployment of the robotic team. 

Proposition III.2. If the suffix cycle of the word uoteam is 
a critical word, then the correctness of the motion of the 
robotic team during its deployment cannot be guaranteed. 

Proof. We denote the actual word generated by the robotic 
team in the field by Coteam whereas uoteam stands for the 
planned word. Suppose that for each robot pi = e, and in 
the suffix cycle we have UJteam ^team generated by 
robots i and j at positions k and k -\- r that must not be 
swapped, because if they do uteam violates (j). Note that we 
are guaranteed to find such symbols as we assume the suffix 
cycle to be a critical word. In the worst-case, for the symbols 
to swap, we must have {l-\-e)t^ > (1 — e)t^^^ . Solving for 
e, we get e > (t^+^ -t^)/(t^ +t^+^). However, as the suffix 



is an infinite repetition of the suffix cycle, lim/e^oo(^^^^ — 
t^)/{t^ + = and ^ is violated for any e > 0. ■ 

In addition, we can consider the performance of the team 
during deployment in terms of the value of the cost function 
([Sj observed in the field. Using the same arguments presented 
in Prop. III. 2 it can be easily show that, the worst-case field 
value of ([3]) will be the minimum of (Ji, . . . , Jm) where 
Ji is the maximum duration between any two successive 
satisfactions of tt by robot i in the field. This effectively 
means that there is no benefit in executing the task with 
multiple robots, as at some point in the future the overall 
performance of the team will be limited by that of a single 
member. 

C. Robust Problem Formulation 

To characterize the field performance of the robotic team 
and to limit the deviation from the optimal run during 
deployment, we propose to use a synchronization protocol 
where robots can synchronize with each other only when 
they are at the vertices of the environment. We assume 
that there is an atomic proposition Sync G 11, called the 
synchronizing proposition, and we consider multi-robot tasks 
specified using LTL formulas of the form 



'-'sync 



if A GFtt a GFSync, 



(4) 



where if can be any LTL formula over 11, tt is the opti- 
mizing proposition and Sync is the special synchronizing 
proposition that is satisfied only when all members of the 
robotic team occupy vertices at the same time. We can now 
formulate the problem. 

Problem III.3. Given a team of m robots modeled as 
transition systems T^, i = 1 , . . . , m, and an LTL formula 
4^ sync over n in the form synthesize individual runs rifor 
each robot such that minimizes the cost function ([3j, and 
oJteam^ the word observed in the field, satisfies (psync 



are 



Note that the runs produced by a solution to Prob. III. 3 
guaranteed not to violate (l)sync even if there is a mismatch 
between the weights Wi{q^q') used for the solution of the 
problem and the actual traveling times observed in the field. 
Since ujteam observed in the field is likely to be sub-optimal, 
we will also seek to bound the deviation from optimality in 
the field. 

D. Solution Outline 

In [9], we showed that the joint behavior of a robotic team 
can be captured by a region automaton. A region automaton, 
as defined next, is a finite dimensional transition system that 
captures the relative positions of the members of the robotic 
team. This information is then used for computing optimal 
trajectories. 

Definition III.4 (Region Automaton). The region automa- 
ton R is a TS (Def^ R := (Qr, (5r, Hr, ^r, ^r), 
where 

(i) Qr is the set of states of the form (q^r) such that 



(a) q is a tuple of state pairs (<7i^i, . . . , qmQm) where 
the i^^ element qiq^ is a source-target state pair 
from Qi of meaning robot i is currently on its 
way from q^ to q[, and 

(b) r is a tuple of clock values (xi, . . . , Xm) where 
the i^^ element denotes the time elapsed since 
robot i left state q^. 

(ii) q^^ is the initial state that has zero-weight transitions 
to all those states in Qr with r = (0, . . . , 0) and q = 
{QiQi^ . . . , q^q'm) such that qf is the initial state ofTi 
and (qi^q-) G S^. 

(iii) 5r is the transition relation such that a transition from 
(q^r) to {q' ^r') exists if and only if 

(a) {qi^q[)^ (Qi^Qi) ^ for all changed state pairs 
where the i^^ element qiq[ in q changes to q[q'l 
in q', 

(b) Wi {qi ^q[) — Xi of all changed state pairs are equal 
to each other and are strictly smaller than those 
of unchanged state pairs, and 

(c) for all changed state pairs corresponding x[ in 
r' becomes x • = and all other clock values in 
r are incremented by Wi{qi, q[) — Xi in r' . 

(iv) IIr = U^^n^ is the set of propositions; 

(v) >Cr : Qr 2^^ is a map giving the set of atomic 
propositions satisfied in a state. For a state with q = 
{qiq[, . . . , qmq'm)^ ^r{{q^ r)) = W^^^Ciiqi); 

(vi) : Sr is a map that assigns a 
non-negative weight to each transition such that 
^r{{q^ ^0) = Q'i)—^ifor each state pair 
that has changed from qiq[ to q[q'l with a correspond- 
ing clock value of x[ = in r' . 

Example III.5. Fig. [2] illustrates the region automaton R 
that corresponds to the robots modeled with Ti and T2 
given in Fig. [7] There is a transition from ((6a, 6c), (0, 0)) 
to {{ba^cb), ^i^h weight 1 in R because (b^c) G 62, 

'^2(6, c) = 1, and wi{b^ a) ^ 1. 

Our solution to Problem [111.31 can be outlined as follows: 

(i) We check if the LTL formula (psync is trace-closed 
guaranteeing that it will not be violated in the field 
(See Sec. [IV-A| ); 

(ii) We prepare the serialized region automaton of the 
robotic team with synchronization points by modifying 
the output of our earher algorithm Obtain-Region- 
AUTOMATON [9] (See Sec. [TV-B] ); 

(iii) We find optimal runs on individual T^s using the 
Optimal-Run algorithm we previously developed in 
[16] and use a synchronization protocol to calculate 
an upper bound on the cost function ^ for given 
deviation values to obtain the solution to Prob. IIII.3I 
(See Sec. [IV-Cl ). 

IV. Problem Solution 
In this section, we explain each step of the solution to 



Prob. III. 3 in detail. In the following, we use a simple 
example to illustrate ideas as we develop the theory for the 



general case. We present an experimental evaluation of our 
approach considering a more realistic scenario in Sec. [V| 

A. Trace-Closedness of the Original Formula 



Prop. IV. 1 shows how trace-closedness of ( 



c guarantees 

correctness in the field. In the following, we say an LTL 
formula (j)sync is trace-closed if the language Lb of the 
corresponding Biichi automaton is trace-closed in the sense 
of Def . HTSl 



Proposition IV. 1. If the general specification (psync is a 
trace-closed formula with respect to the distribution given 
by the robots ' capabilities, then it will not be violated in the 
field due to uncertainties in the speeds of the robots. 



Proof From Defs. II. 8 and III.l we know that if we can 
find a run that satisfies a trace-closed LTL formula, then the 
word uJteam produccd by the run will not be a critical word. 
Since uJteam is not a critical word, ^ Uteam ^ [^team] such 
that UJteam ^ ^B- Thus, rcgardlcss of the pi values of the 
robots, (j) will not be violated in the field due to robot timing 
errors as any uJteam ^ [^team] will also be in Lb. ■ 

Thus, in order to guarantee correctness in the field, we first 



check that 



''sync 



is trace-closed using an algorithm adapted 



from [17]. However, as trace-closedness is not well-defined 
for words over 2^, we construct a Biichi automaton whose 
language Lb is over the set 11. 

Example IV.2. Fig. [7] illustrates the environment where 
two robots are expected to satisfy a task given by a for- 
mula in the form of ^ where (p = GFrlP A GFr2P, 
El = {rlP, 7r,Sync}, 112 = {r2P, tt, Sync}, and U = 
{rlP, r2P, TT, Sync}. 





b 

TV 



(a) 



(b) 



Fig. 1: TS's Ti and T2 of two robots in an environment with three vertices. 
The states correspond to vertices {a, 6, c}, the edges represent the motion 
capabiHties of each robot, and the weights represent the traveUng times 
between any two vertices. The propositions rlP, r2P and tt are shown next 
to the vertices where they can be satisfied by the robots. 

After checking that (j)sync is trace-closed, we proceed by 
obtaining the serialized region automaton with synchroniza- 
tion points where the Sync proposition is satisfied. 




Fig. 2: Region automaton obtained using Obtain-Region-Automaton 
[9] that captures the joint behavior of the robotic team given in Fig.^ Sync 
states where all robots occupy vertices, i.e., states with all zero clock values, 
are highlighted in blue. 



the special Sync proposition to the states where all robots 
occupy some vertex in their TS's simultaneously, i.e., states 
with r = (0, . . . , 0). Note that, these are the states that will 
be used to calculate a bound on optimality when the robots 
are deployed in the field. We then expand the states where 
multiple propositions are satisfied simultaneously to obtain 
User where at most one proposition is satisfied at each state. 
This ensures that languages of both the Biichi automaton that 
corresponds to (l)sync and R^er are over 11. 

Example |IV.2| Revisited. Fig. |2] illustrates the region 
automaton R that captures the joint behavior of the team 
given in Fig. [7] The serialized region automaton with syn- 
chronization points Rser that corresponds to R is given in 

Fig. g 




Fig. 3: Serialized region automaton with synchronization states obtained 



after 
are 



r applying Alg.QJto R in Fig. [2] New states introduced after serialization 
highlighted in blue. Red arrows stand for zero- weight transitions. 



Remark IV.3. Since 



is trace-closed, the serialization 



can be done in any order Since all possible orderings belong 
to the same trace-equivalent class, they do not affect the 
satisfaction of the formula. 

C. Finding the Robust Optimal Run and the Optimality 
Bound 

After obtaining the serialized region automaton R^er, 



we find an optimal run on Rser that minimizes the 
cost function ^ using our earlier OPTIMAL-RUN algorithm 
[16]. The optimal run is always in a prefix- suffix form 
If ^sync is a trace-closed formula, we obtain the region ^^^^ ^ Furthermore, as satisfies 



B. Obtaining the Serialized Region Automaton with Synchro 
nization Points 



automaton that captures the joint behavior of the robotic 
team using Obtain-Region- AUTOMATON [9]. Next, using 
Alg. [T] we first introduce synchronization states by adding 



^syno 



it has at 

least one synchronization point in its suffix cycle, which we 
assume to start with a synchronization point. 



Algorithm 1: Serialize-Region-Automaton 
Input: A region automaton R obtained using 

Obtain-Region-Automaton . 
Output: User, the serialized region automaton with 
synchronization states, such that at most one 
proposition is satisfied at each state. 

1 foreach State {g, r} m R do 

2 
3 



Algorithm 2: Sync-Run 



4 
5 
6 

7 
8 
9 
10 
11 



12 



13 



14 



if r = (0, ...,0) then 
^Add Sync to propositions satisfied in {q^r}. 

k < — Number of propositions satisfied in {q^r}. 
if A: > 1 then 

propsTuple ^ The tuple (pi, . . . , pk) of 
propositions satisfied in {g,r}. 
Copy {q^ r} k times to obtain {q^ rj'^, . . . ^{q^ r}'^. 
foreach i = 1, . . . , /c do 

>C({g,r}-) ^ propsTuple[i]. 
if i < k then 

Add {g, r} • {g, r} -^^ to Sr with zero 
weight. 

Re-direct all incoming transitions of {g, r} to 

{q,r}[. 

Originate all outgoing transitions of {g, r} from 
Remove {g, r} from Qr. 



Definition IV.4 (Projection of a run on R to T^s). Given 
T and the corresponding run tr on User where 

rR = {{qUh • • • , ^m^m), (^1, • • • , ^m)) 

7 • • • 7 QmQm)^ (^l7 • • • 7 ^m)) • • • ' 

we define its projection on as run Vi = q^qj . . . for all 
i = 1, . . . , m, where qf only appears in Vi if = and 
T{k)^T{k^l). 

In [9] we show that the individual runs obtained by the 



projection in Def. |IV.4| are equivalent to the region automaton 
run tr in the sense that they produce the same word Uteam- 



Using Def. IV.4 we project the optimal run to individual 
T^s to obtain the set of optimal individual runs {rjf , . . . , rj^}. 
As the robots execute their infinite runs in the field, they 
synchronize with each other at the synchronization point 
following the protocol given in Alg. [2] ensuring that they 
start each new suffix cycle in a synchronized way. Using 
this protocol, we can define a bound on optimality, i.e., the 
value of the cost function ^ observed in the field, as given 
in the following proposition. 

Proposition IV.5. Suppose that each robot's deviation value 
is bounded by p > (i.e., pi < p for all robots i), and let 
J(T^) be the cost of the planned robot paths. Then, if the 
robots follow the protocol given in Alg. |2] the field value of 
the cost satisfies 



Input: A run of robot k in the prefix- suffix form 
with at least one synchronization point in its 
suffix cycle. 

1 begin 

2 syncPoint ^ First synchronization point in the 
suffix. 

3 teamFlags ^ (0, . . . , 0). 

4 while True do 

5 if syncMessage received from robot i then 

6 \jteamFlags[i] ^ 1. 

7 if currentState = syncPoint then 

8 Stop 

9 Broadcast syncMessage. 

10 teamFlags[k] ^ 1. 

11 if teamFlags = (1, . . . , 1) then 

12 teamFlags ^ (0, . . . , 0). 

13 Continue executing Vk- 



where ds is the planned duration of the suffix cycle. 

Proof. In the following, we take the suffix to begin at 
a synchronization point. The suffix consists of an infinite 
number of repetitions of the suffix cycle, which we denote 
Let ds be the planned duration of ^c, let be the number 
of optimizing propositions satisfied in S^- Let us redefine 
t = to be the time when the suffix starts, and let 
be a sequence of length ns recording the times that the 
optimizing proposition is satisfied on the first repetition of 
Sc- Note that, as we consider infinite runs and as the process 
restarts itself at the beginning of each by means of the 
synchronization protocol given in Alg. [2j we only need to 
consider the first repetition of Sc- We first define 

T! = f^(z)(l-p) 

T^ = f"(z)(l + p) 

t^ =ds(l^p) 

where, and are the earliest and latest times that the 
i\h optimizing proposition can be satisfied, respectively. The 
value is the latest time that the second repetition of Sc can 
begin. Then, for < z < n^, the worst-case time between 
satisfying the zth optimizing proposition and the {i + l)th 
optimizing proposition is 




Next, in the planned paths, multiple robots may simultane- 
ously satisfy the i\h optimizing proposition. In the field, these 
satisfactions will not occur simultaneously. The maximum 
amount of time between the first and last of these satisfying 
instances for the zth proposition, for < z < ng, is 



J(T-)< J(T-)+/>(J(T-) + 24), 



(6) 



Finally, using ([5]) and ([6]) we obtain the upper bound on 
the value of the cost function ^ that will be observed during 
deployment as 



J(T^) = max{max{r*'*+^},max{r*}}. 



(7) 



Substituting the definitions for T*, T^, and into ^ we 
obtain r*'*+^ = 



f"(z + l)(l + p)-f"(z)(l-p) 

(i + p)(4 + T-(i)) -f-K)(i 



p) 



if < i < Us 
if i = 



But, we have that J(T^) > T^(z + 1) -T^(z), and J(T^) > 
4 + T^(l) - T^(n,). In addition, f^(l) < J(T^) and 
T^(z) < ds for all i G {2, . . . , ng}. Using these expressions 
we obtain 



< J(T-)+p(J(T-) + 24). 



Similarly, we get 

r^< J(T^) + 2p4, 
and thus J(T^) < J(T^) + p( J(T^) + 24 



Remark IV.6. Pr6>/7. \IV5\ we have provided a conser- 
vative bound for ease of presentation. However, we can 
calculate an exact bound on the field value of the cost J(T^) 
using a treatment similar to the proof of Prop \IV.5\ 



Example |IV.2| Revisited. For the example we have shown 
throughout this section, applying Alg. OPTIMAL-RUN [16] 
to Rser given in Fig. ^and the formula (l)sync •= GFrlP A 
GFr2P A GFtt A GFSync results in the optimal run with 
the prefix 



T 
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2 


2 


2 


3 




ab,ab 
(0,0) 


ba,bc 
(0,0) 


ba,bc 
(0,0) 


ba,bc 
(0,0) 


ba,bc 
(0,0) 


ba,cb 
(1,0) 




Sync 


rlP 


Sync 


r2P 


7T 




he suffix cycle 












T 


4 


4 


4 


6 


6 


6 




ab,ba 
(0,0) 


ab,ba 
(0,0) 


ab,ba 
(0,0) 


ba,ab 
(0,0) 


ba,ab 
(0,0) 


ba,ab 
(0,0) 




r2P 


Sync 


7T 


rlP 


Sync 


7T 



which will be repeated an infinite number of times. In the ta- 
ble above, the rows correspond to the times when transitions 
occur, the run r^, and the satisfying atomic propositions, 
respectively. For this example, = 2,4,6,8,10,... and 
the cost as defined in ^ is J(T^) = 2. Furthermore, when 
the robotic team is deployed in the field, this cost is bounded 
from above by 2.5 for pi = p2 = 0.05 given by Prop. IV.5 



Applying Def. IV.4 to we have the following individual 
runs: 

2 3 4 6 8 10 ... 



b c b a b a 

Note that, at time t = 3, the second robot has arrived at c 
while the first robot is still traveling from b to a, therefore the 
clock of the first robot is not zero at this time, i.e., xi ^ 0, 
and b does not appear in at time t = 3. 



We finally summarize our approach in Alg. [3] show that 
this algorithm indeed gives a solution to Prob. |III.3 and 
analyze the overall complexity of our approach. 

Algorithm 3: Robust-Multi-Robot-Optimal-Run 
Input: m T^'s and a global LTL specification (l)sync of 
form (|4]). 

Output: A set of robust optimal runs {rjf , . . . , r^} that 



satisfies (j)sync^ minimizes ([3]), and the bound 
on the performance of the team in the field. 



1 begin 

2 



9 

10 



(l^sync := ^ A GFtt A GFSync. 
if (psync is trace-closed then 

Obtain the region automaton R using 
Obtain-Region- Automaton [9]. 
Obtain R^er using 
Serialize-Region-Automaton . 
Find the optimal run applying Optimal -RUN 

[16] to Rser and (t)sync' 

Obtain individual runs from using Def. 
Find the bo und on optimality as given in 
Prop. [ivJ 

else 

^Abort. 



IV.4 



Proposition IV.7. Alg. |j] solves Prob. \III.3 

Proof. Note that Alg. [3] combines all steps outlined in this 
section. The planned word Uteam generated by the entire 
team satisfies (l)sync and minimizes ([3]), as shown in [9]. 

is trace-closed, the optimal satisfy- 



Furthermore, since ( 
ing run is guaranteed not to violate 



^sync 



timing errors as given in Prop. IV. 1 Therefore, {rjf , . . 
as obtained from Alg. [3] is the solution to Prob. |III.3 



^sync 



in the field due to 

-CI 



Proposition IV.8. For the case where a group of m identical 
robots are expected to satisfy an LTL specification (j) in a 
common environment with A edges and a largest edge weight 
ofW, the worst-case complexity of Alg. ^is 0((A • WY 
2O(I0I)). 



^3m 



Proof. From [9], the number of states of the region automa- 
ton R is bounded by 




where m is number of robots and Wi is largest edge weight 
in TS Ti of robot i. Then, for the above mentioned case, 
the worst-case size of the region automaton is 0((A • W)'^) 
. In [8], the authors give the worst-case complexity of the 
Optimal-Run algorithm as 0(|Tp • 2^(1^1)) where |T| is 
the number of states of the input transition system and |0| is 
the length of the LTL specification. Therefore, the worst-case 
complexity of Alg. [3] becomes 0((A • Wf"^ • 2^(1^1)). ■ 




Fig. 4: (a) Road network used in the experiments (b) The model of the road 
network with weights shown in blue. 1 time unit in this model corresponds 
to 3 seconds. The red and blue regions are data gathering locations of robots 
1 and 2, respectively and the green region is the common upload location. 
CW and CCW stand for clockwise and counter-clockwise, respectively. 



V. Implementation and Case Studies 

We implemented Alg. |3] in objective-C as the software 
package LTL Robust Optimal Multi-robot Planner 
(LROMP) and used it in conjunction with our earher 
Optimal-Run [16] algorithm to obtain robust and optimal 
trajectories for robots performing persistent data gather- 
ing missions in a road network environment. The soft- 
ware package, available at |http : //hyness . bu . edu/| 
[Software . html , utilizes the dot tool [18] to visualize 
transition systems and the OPTIMAL-RUN algorithm uses 
the LTL2BA software [19] to convert LTL specifications to 
Biichi automata. Following the steps detailed in Sec|IVj the 
software first creates the serialized region automaton with 
synchronization states User using T^s defined by the user 
and exports an M-file which defines R^er in Matlab. Next, 
(l)sync is checked for trace-closedness, after which OPTIMAL- 
RUN algorithm is executed in Matlab to find the optimal 
run on User- Finally, an upper bound on the field value 
of the cost function ^ is computed and is projected 
to individual T^, i = l,...,m, to obtain the solution to 
Prob. HlOl 

Fig. |4] illustrates our experimental platform, which is a 
road network consisting of roads, intersections, and task 
locations. The figure also shows the transition system that 
models the motion of the robots on this road network where 
1 time unit corresponds to 3 seconds. In the following, the 
transition systems are identical except for their initial 
states and the sets of propositions that can be satisfied at 
states. 

In our experiments, we consider a persistent monitoring 
task where two robots with deviation values of pi = 0.09, 
P2 = 0.04 repeatedly gather and upload data and the maxi- 
mum time in between any two data uploads must be mini- 
mized. We require robots 1 and 2 to gather data at 7 and 8 in 




Fig. 5: Team trajectories used in the experiments. The red and blue regions 
are data gathering locations of robots 1 and 2, respectively and the green 
region is the common upload location. The circles on the left show the sync 
point, i.e., the beginning of the suffix cycle, on the trajectories of the robots. 

Fig.|4j respectively and upload the data at 9. We define 11 = 
{RlGather, RlUpload, R2Gather, R2Upload, Upload, 
Sync} and assign the atomic propositions as 

£1(7) = {RlGather}, £1(9) = {RlUpload, Upload} 
£2(8) = {R2Gather},/:2(9) = {R2Upload, Upload}. 

where Upload is set as the optimizing proposition (tt as in 
formula ^) due to the task specification. Next, we forbid 
data uploads unless robots have something to upload using 
the LTL formula 

(p = G(RlUpload X(^RlUpload U RlGather)) 
A G(R2Upload X(^R2Upload U R2Gather)). 

Our overall LTL formula in the form of ^ is 

(l^sync = (pAGF Upload A G F Sync. (8) 

Running our algorithms on an iMac i5 quad-core com- 
puter, we obtain the robust optimal trajectory as illustrated 
in Fig. |5] The algorithm ran for 35 minutes, and the region 
automaton User had 5224 states. The value of the cost 
function was 19 time units (57 seconds) with an upper- 
bound of 27.55 time units (82.65 seconds), meaning that the 
maximum time in between data uploads would be less than 
82.65 seconds in the field. This result was experimentally 
verified in our robotic test-bed and the maximum time in 
between data uploads was measured to be 64 seconds (21.3 
time units) during a run of 13 minutes. In order to confirm 
and demonstrate the effectiveness of our approach, we exe- 
cuted the same trajectory without any synchronization. After 
approximately 6.5 minutes, the maximum time in between 
data uploads was measured to be 92 seconds (30.7 time 
units), much worse than what is provided by our approach. 
Our video submission accompanying the paper displays the 
robot trajectories for both cases. 

It is interesting to note that, in the optimal solution the 
second robot spends extra time spinning between states 4cvv^ 
and 4ccvv^ (Figs. |4bj |5]). This behavior is actually time- 
wise optimal as it decreases the maximum time between 
successive satisfying instances of the optimizing proposition. 



VI. Conclusions 

In this paper we presented and experimentally evaluated 
a method for planning robust optimal trajectories for a team 
of robots that satisfy a common temporal logic mission 
specification. Our method is robust to uncertainties in the 
traveling times of each robot, and thus has practical value in 
applications where multiple robots must perform a series of 
tasks collectively in a common environment. We considered 
trace-closed temporal logic formulas with optimizing and 
synchronizing propositions that must be repeatedly satisfied. 
In the absence of timing errors, the motion plan delivered 
by our method is optimal in the sense that it minimizes the 
maximum time between satisfying instances of the optimiz- 
ing proposition. If the traveling times observed in the field 
deviate from those given by the transition systems of the 
robots, our method guarantees that the mission specification 
is never violated and provides an upper bound on the 
ratio between the performance in the field and the optimal 
performance. 
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